How do you retrieve the username of someone on Youtube who is using your application with PHP? I'd prefer to do this without the API but if needs be point me in the right direction because i don't know what to download , I've visited the google developers site / place already.
I found some code from 2009 but it was to retrieve usernames from a youtube video and it didn't work. I tried reading the contents of page with the fopen() and file_get_contents() but it always appears as if I'm not signed in whereas I am signed in via FireFox.
Don't know if this makes a difference but I was running this on EasyPHP via localhost
Thanks
You can't, by design. You do not have their session cookie server-side where you're using fread. Youtube determines whether you are or are not signed in based on that session cookie, and you do not have one on your server.
If you want their YouTube user name, use a client-side API in JavaScript or simply ask them for it with a text input field. It is impossible to find it server-side, as it should be. Your server has no business finding out my Youtube username without my express permission and interaction.
Related
I have to convert my web page to pdf in php. I googled and found several leads.
http://pdfcrowd.com/web-html-to-pdf-php/
How to convert a PHP web page to PDF?
However, my web page is password protected. Is there a way a script can login (of course, the credentials will be provided) and then after successful login, convert the web page to html.
Is the above even possible? If yes, can someone give me some suggestions. If not, are there any alternate ways to do it?
Thanks
You may retrieve the page (pdf) contents using php curl with basic http auth.
Check How do I make a request using HTTP basic authentication with PHP curl?
Our PDFmyURL API allows you to login and convert the page to PDF. We support many different standard ways that your page can be protected, so you don't need to build any new way specifically for our API.
You can find the documentation on accessing content in secure members area at the PDFmyURL.com API documentation page
EDIT: in september 2015 we added functionality that allows you to log in to your members area directly from our own members area. All our tools (the API and also manual conversions) will then be able to access your members area pages without any problems.
You can also do a more simple thing.
ctrl + P = Print page
Then change destination to pdf file
After that choose where on computer to save the page and that's it.
Peardoc, the firm I work for, provides a solution to convert static/dynamic HTML to PDF on password protected web applications. This service requires the user, who has signed in, to click a "save as PDF" link.
Demo: http://www.peardoc.com/sap_pro_demo.html
"I have to do it automatically using a script. without user intervention."
Are you looking for, say, an API service, which will handle PDF conversion (post authentication) without user intervention?
just put this script one button will be generated for password protected pages use this one.
For Detail link - http://freehtmltopdf.com/
I saw a few questions out there already about ensuring site access comes from QR code scans, but they seemed to be focused on analytics purposes (tracking where traffic was coming from), whereas my interest is in security/privacy.
I want to set up a site that can only be accessed when a provided QR code is scanned. In other words, I don't want the URL that the QR code possesses to be able to just be manually typed/pasted in for site access via other means.
I've been googling this issue for a bit with no luck whatsoever. I'm trying to think of a way with referring URLs or other means to ensure that a person arrived at the site by actually scanning the provided QR code.
EDIT: The solution would need to be scanner-independent as well (i.e. I cannot force users to download and use a specific QR scanner app) and cross-platform (Android + iOS + WinMo + BlackBerry, etc.).
Now I submit the issue to you wonderful folks.
We got something the same at our company. We provide a link like:
zxing://scan/?ret=http%3A%2F%2Ffoo.com%2Fproducts%2F%7BCODE%7D%2Fdescription&SCAN_FORMATS=UPC_A,EAN_13
Where {CODE} is the code which is returned in the QRCode. So what you can do is create an url like above (see more info for a link). And then put a encrypted data in the QRCode, so only if this url is clicked by the user and the data of the QRcode is correct. People can continue to go on your website. This way if the qrcode is leaked, they won't know the site. And if they know the site, the code is encrypted.
If people scan the barcode by clicking on your website. The zxing will open a new browser with the URL and the {CODE} filled with the scanned code.
But, people do need the barcode scanner from android or iphone.
More info:
zxing download / homepage
zXing scanning from w
You can't ensure that the URL came from scanning the QR code, that isn't possible. QR codes are just a method of encoding text, once the user knows the text they can do whatever they want with it.
You can, however, restrict the usefulness of the QR code so even if it is leaked it isn't useful. If possible, I would start by generating the QR codes on-demand with a random seed and have them expire shortly thereafter. This would make it so even if the QR code were leaked, it wouldn't be useful for very long.
About the best you can do is set a query string in your QR code. Something like:
http://www.example.com/myapp
Could be changed to something like:
http://www.example.com/myapp/?qrcode=1
This can then be handled in PHP with:
if(!isset($_GET['qrcode'])) die();
The problem with this, of course, though, is that anyone with the URL could simply navigate directly to that URL in their normal web browser.
This isn't something you can prevent, however.
You can also check whether $_SERVER['HTTP_USER_AGENT'] claims to be a mobile phone. Here's another question on the topic.
You could add parameters, but ultimately QR codes are just a method of encoding text, so whatever you encode can be typed into a browser if someone knows what's encoded.
If you are making post call to any web URL from QR code, then whatever body you are sending with it, will not be visible unless user went through QR scan mode.So by just entering Web URL user will not able to access web URL contents.
I've been playing around with the Facebook PHP SDK for a site that I'd like to use Facebook's single sign in for. I've been able to login to my Facebook account from my site and successfully tested a few of the features (posting to /me, an FQL query etc.).
When generating the login URL I have set the cookie parameter to true, however I seem unable to establish a persistent session with Facebook. At the moment the Facebook login window redirects the whole website (I have not yet tested this within the webpage or a popup). The user can authorise and is returned to my site, but the session data is stored in a query string on the return URL. If this string is removed the user must reauthenticate.
Previously I have worked with the JS SDK and this has not been an issue. It's worth noting in this case that I am avoiding using the FBJS (because I believe the PHP SDK is an alternative) and FBML (because it is deprecated) - I also have not implemented a cross domain communication file as this appears to be unnecessary.
I have read about conducting the authentication within an iFrame. I'm unable to find any documentation about this though.
I have considered storing the $_GET querystring in a session on my site and appending it to the website URL, or an iFrame URL, when I need to authenticate. I'm certain that this is the incorrect way to achieve what I'd like though.
Please could someone point me in the direction of some documentation regarding this. Perhaps I am mistaken in thinking I can do this without JS, or maybe I need to manually set up the session cookie? I've searched at length but have been unable to find any documentation that describes this specifically.
Thanks for any help!
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.
We have a webpage that we provide to partner companies via an iFrame. The iFrame contains several javascript files that make ajax requests to our server for data. The iFrame itself requires an API Key that is keyed to the domain of the partner. This prevents the iFrame from displaying if it is installed on a domain that isn't registered. However, it would be pretty easy to simply copy the contents and javascript files of the iFrame from a registered site and host them on a non-registered site.
Ideally we'd like to use the API key to restrict Ajax requests and prevent our server from providing the requested data for non-registered sites. However, it appears that the HTTP_REFERER server variable is not set for Ajax requests. How can we tell what site that the request is coming from? Is it possible? If not, how can we prevent unauthorized access?
Relying on HTTP_REFERER isn't the way to go. You want your client's website to use an API to contact your website over a secure link, and get a temporary session string, which is then used as part of the source url for the IFRAME, which is how google does it (not with referer.)
Make the url for the IFRAME valid for a limited time, after which you display a nice message about going back to the client's page to start over.
When the iframe is requested you can generate a unique ID on your server, then set that as a cookie on the client. Every AJAX request should contain that cookie. Only keep around the ID's for the last hour or so.
You can never rely on HTTP_REFERER because some proxy servers and firewalls will strip it out to preserve users' privacy.
The challenge is that the iframe is authorized to a specific domain, so my API Key is tied to that. I followed the following tutorial to generate my API keys.
https://ajax.dev.java.net/ajax/api-keys
Do you think that relying on the HTTP_REFERER variable will prevent users from accessing the iframe? Sun claims that Google uses this method for Google Maps API authentication.
Once the API key has been authenticated, then the cookie approach should do the trick, I think. Thanks!